Hello everbody,
Since I am quite new here I wanted to know which steps are necessary for good opsec. Though I do not do anything harmful here, I would like to know which programs and websites are necessary to remain safe and anonymous when opening any links or downloading something on breached. Currently I am only using NordVPN though. Not having downloaded any special programs yet.
I also have some other questions.
Do I have to encrypt my files? Is it okay to use breached from home? Did you sign up on breached with your real mail address? Is it bad if I used breached before without VPN? When I log in on breached when I am using the wifi of a coffee shop for example, can someone know that it's me using breached?
Sorry for these dumb questions but I would be grateful if you reply! :)

(October 2, 2022, 12:39 AM)Nea99 Wrote: Hello everbody,
Since I am quite new here I wanted to know which steps are necessary for good opsec. Though I do not do anything harmful here, I would like to know which programs and websites are necessary to remain safe and anonymous when opening any links or downloading something on breached. Currently I am only using NordVPN though. Not having downloaded any special programs yet.
I also have some other questions.
Do I have to encrypt my files? Is it okay to use breached from home? Did you sign up on breached with your real mail address? Is it bad if I used breached before without VPN? When I log in on breached when I am using the wifi of a coffee shop for example, can someone know that it's me using breached?
Sorry for these dumb questions but I would be grateful if you reply! :)

https://www.privacyguides.org/ has some good resources. Also, it's not something you just "get", it's something you practice through various precautions in my opinion.

opsec only matters if you're a pussy about urself, my irl name is ignacio and i live in chile

Good OPSEC should be based on your threat level, aka who is coming after you and your personal level of experience and dedication since you could have the best OPSEC strategy but its worthless unless you can keep it up for as long as you are at risk.

As far as what you asked for use a Virtual Machine to run programs downloaded from here and dont worry about all that other stuff if you dont plan to do anything dumb.

As for OPSEC in general:

The best thing for OPSEC is no mix and match for example don't use the same email, don't use the same browser if you have multiple accounts, don't use the same passwords because if you mix your personal stuff with whatever else you do you are bound to fuck it up by accident and expose something.

Don't reuse usernames so accounts can't be linked between one another on different services and such.

Don't use basically anything from Google, Facebook, Microsoft and such since they WILL cooperate with law enforcement.

Encrypt hard drives and files.

And don't trust NordVPN and other services that are highly advertised like that, they won't do much against an investigation but its good enough if its not the Government that's after you.

That's what i think the gist of it would be, but don't be alarmed, most of the time it's not that extreme it again depends on what your threat level is.

(October 3, 2022, 03:21 PM)KN8 Wrote: Good OPSEC should be based on your threat level, aka who is coming after you and your personal level of experience and dedication since you could have the best OPSEC strategy but its worthless unless you can keep it up for as long as you are at risk.

As far as what you asked for use a Virtual Machine to run programs downloaded from here and dont worry about all that other stuff if you dont plan to do anything dumb.

As for OPSEC in general:

The best thing for OPSEC is no mix and match for example don't use the same email, don't use the same browser if you have multiple accounts, don't use the same passwords because if you mix your personal stuff with whatever else you do you are bound to fuck it up by accident and expose something.

Don't reuse usernames so accounts can't be linked between one another on different services and such.

Don't use basically anything from Google, Facebook, Microsoft and such since they WILL cooperate with law enforcement.

Encrypt hard drives and files.

And don't trust NordVPN and other services that are highly advertised like that, they won't do much against an investigation but its good enough if its not the Government that's after you.

That's what i think the gist of it would be, but don't be alarmed, most of the time it's not that extreme it again depends on what your threat level is.

Thanks! That helped me very much!